GUERNSEY must be prepared to reconsider its data protection laws if the UK decides to introduce new legislation. Data protection commissioner Dr Peter Harris said the island must not become a soft touch.
MPs are considering changes to the law that would make chief executives directly responsible for safeguarding the public’s personal information.
If approved, they could make improper or careless treatment of data a criminal offence.
‘It’s early days but if the UK does move in a particular direction with legislation on data protection, it’s something we will have to look at,’ said Dr Harris.
‘It is important that we do not become an easy option for companies or individuals to get away with carelessness or improper data sharing. It’s particularly relevant in these times of the internet and when so many organisations hold so much information about so many people.’
The call for changes to the UK law has been strengthened by the recent HM Revenue and Customs breach, in which details of 25 million people were lost, and yesterday’s news about data loss from the NHS.
The UK is seen as liberal on data protection standards and the government is being investigated by the European Commission for failing to implement the Data Protection Act sufficiently.
In Guernsey, Dr Harris said the island’s laws did not have very sharp teeth.
‘If someone lost personal data in Guernsey or the UK, they would not have to tell anybody,’ he said.
‘They could quietly look for it and nobody would have to be any wiser. However, in the United States it’s required by law that the regulator must be informed if this happens. This has good and bad points because it’s important for people to find out about serious breaches, but there is also the risk that the authorities can become inundated with minor cases.’
There should be an emphasis on company directors to take responsibility for data protection and turn certain careless practices into a criminal act, added Dr Harris.
‘If a doctor left a briefcase full of patients’ details on a train, it would not be a criminal offence, whereas there is an argument that it should be.’
He said the local business community, and particularly the finance sector, already did a good job when it came to data protection. ‘In my opinion, companies are very aware of the benefits of having good data protection policies because it comes down to customers’ trust.
‘Having and adhering to a good policy makes for an attractive marketing advantage.’
FRM Investment Management compliance officer Ian McLennan said data protection was taken seriously and as a real obligation.
‘However, the increase in identity theft means that security over personal information is now more important than ever,’ he said.
‘If a business needs this information to be made portable on laptops, CDs or downloaded via email, clearly this must also be properly protected and company directors need to be responsible for ensuring that extra care is taken.’
Loading ...
Share this article:
What are these?